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Instance-based methods are a specific class of metfiods for automated proof search in first-order logic. This article provides 
an overview of the major methods in the area and discusses their properties and relations to the more established resolution 
methods. It also discusses some recent trends on refinements and applications. 

This overview is rather brief and informal, but we provide a comprehensive literature list to follow-up on the details. 



1 Introduction 

Automated Reasoning (AR) is an application-relevant subfield of 
both Logic in Computer Science and Artificial Intelligence. The 
main tool is mathematical logic, which provides both a language 
for modeling a domain of interest and inference mechanisms for 
logical reasoning. AR involves the design of efficient reasoning 
algorithms based on logical calculi, their software implementa- 
tion and application. AR techniques have been proven useful in 
areas such as Computer-Aided Verification, Database Systems, 
Programming Languages, Computer Security, Artificial Intelli- 
gence, Logic Programming, and Software Engineering. 

In this article we focus on AR in first-order logic (FOL), 
which has a long-standing tradition in Al. The perhaps best- 
known methods are based on the resolution calculus, which dates 
back to 1965 [Rob65] . or on analytic tableaux methods. (For 
example, Prolog's SLD-resolution can be appropriately described 
as a tableau method.) With the development of instance based 
metliods (IMs) since the 1990s, a comparably new family of AR 
methods for FOL is available now. While also being sound and 
complete, IMs typically explore a different search space and ex- 
hibit different termination behaviour, which makes them attrac- 
tive from a practical point of view as a complementary method. 
For instance, IMs naturally provide decision procedures for a cer- 
tain fragment of first-order logic, the Bernays-Schonfinkel class, 
which currently attracts a lot of attention as a compact knowl- 
edge representation language. See also [Pla94] for a comparison 
of various calculi and strategies, including an instance based 
method. 

2 Ideas and History 

Like many other AR methods, IMs assume the input formula 
given as a set of clauses. A clause is an implicitly universally 
quantified formula of the form ii V ■ • • V Ln, where each Li is 
a literal, i.e. an atomic formula or its negation (also known as 
a positive or negative literal, respectively). The members of a 
given clause set are implicitly connected by "and". 

As there are efficient translations from a more general first- 
order logic syntax into clause logic [NWOl, e.g.], the assump- 
tion above does not lead to a loss of generality. Determin- 
ing the validity of a given formula — the most common rea- 
soning problem — translates into a question of unsatisfiability of 
the clause set obtained from the negation of the given formula 



( "refutational theorem proving"). 

The general idea behind IMs is to prove the unsatisfiability 
of a clause set by generating sets of ground instances of its 
clauses, then checking the unsatisfiability of these sets. This is 
a sufficient test for the unsatisfiability of the given clause set, 
because, if a set of instances is not satisfiable then neither is the 
given clause set. Consider an example that does this in a very 
inefficient way. We generate ground instances (i.e. variable-free 
instances) of every clause in the clause set below by looping 
over possible constants to try, then check to see, e.g. with a 
propositional logic SAT solver, whether the generated instances 
are unsatisfiable {x,y,z are variables, a,b are constants). 

P{x,y) -nP{a,z)y Q{a,z) -nP{b, z) V R{b, z) -^R{b,c) 

We could start by generating a set of instances where every 
variable is replaced by a constant, say a: 

P{a,a) -nP(a,a)V Q{a,a) -nP{b, a) V R{b,a) -^R{b,c). 

This set is satisfiable, so we continue the loop. If the enumera- 
tion of instances is done in a fair way, we will eventually end up 
with an unsatisfiable set, such as 

P(6,c) -^P{a,c)\/ Q{a,c) -^P{b,c) y R{b,c) -^R{b,c) 

and we can stop. 

There are two important points of inefficiency here. The 
first one is that the clause -^P{a, z) V Q{a,z) is superfluous, 
as the clause set is unsatisfiable without it. We should thus 
avoid generating instances of this clause altogether. The second 
point of inefficiency is the lack of direction in the instantiation 
process, leading to many dead-ends as we generate instances 
that do not lead to an unsatisfiable set. Usually, the dead-ends 
can be avoided by keeping the generated sets, but one still has to 
deal with all the superfluous instances generated. Contemporary 
IMs try to avoid these and other problems in order to obtain 
practically useful methods. 

The idea explained above is already present in the work by 
Davis, Putnam, Logemann and Loveland, and others, in the 
early sixties of the last century | DP60I [DLL 62|. One of their al- 
gorithms to check the satisfiability of the sets of instances is still 
popular as the basis of modern propositional SAT solvers, com- 
monly referred to as the "DPLL procedure". However, because 
of its primitive treatment of quantifiers by uninformed guessing. 



their first-order logic procedures have quickly been overshad- 
owed by a reasoning procedure developed soon afterwards, the 
resolution calculus [Rob65]. 

One of the key insights in [Rob65] concerns the use of MGUs 
(most general unifiers) for reasoning on clauses, as in the reso- 
lution inference ru/e0 



3 Inst-Gen 



LW D 



if cr is a MGU of K and L 



That o" is a most general unifier means that, given any unifier 
r (a substitution that makes the involved literals equal), there 
is a substitution 7 such that (77 = r . The notation L refers to 
the complement of L. 

In contrast to resolution, IMs work with instances of clauses 
without combining them into new clauses as the resolution in- 
ference rule does. With that view, bottom-up model generation 
procedures like SATCHMO [MBSS] and hyper tableau [BFN96| 
qualify as IMs. They employ unification at the core of their in- 
ference rules, but still require blind guessing of ground instances 
in certain circumstances. A stream of research that avoids this 
was initiated with Lee and Plaisted's first IM, the Hyper-Linking 
calculus [LP92]. Hyper-Linking is akin to the instantiation loop 
described above, but uses unification to guide the instantiation 
of clauses and capitalizes on the latest SAT solver technology 
for the unsatisfiability check of the instance sets. Since then, 
other IMs have been developed by Plaisted and his coworkers 
[CP94I [PZOO|. Another influential approach is Billon's discon- 
nection calculus I B il96j . which was picked up by Letz and Stenz 
and has been significantly developed further since then into a 
tableaux-like IM [ LSOll ISL0 4|. To some extent, the tableau 
structure of Disconnection Tableaux enables one to avoid the 
problem of superfluous clauses. 

One of the authors of this paper introduced a first-order 
version of the propositional DPLL procedure mentioned above, 
First-Order DPLL (FDPLL) [BauOO], which is now subsumed by 
the Model Evolution (ME) calculus [BT03]. These two calculi 
are less concerned with generating sets of instances of the clauses 
themselves; instead they focus on finding a potential model for 
the clause set by a semantic-tree construction. The model rep- 
resentation formalism in the ME calculus has been studied in its 
own right by fFP05| . 

Other IMs have also been described in [Bau98l IBEF99| . 
by Hooker [H RCS02] . and by Ganzinger and Korovin [G K03| . 
See [JW07] for a thorough comparison of some of these IMs. A 
rather recent development is [dMB08], which employs tuple-at- 
a-time reasoning for sets of ground instances of clauses, which 
are represented by BDD. 

In the following we describe the idea behind some of these 
methods in more detail. A key notion to several of them is that 
of a link between two clauses. Given two clauses C \l K and 
L\J D, the literals L and K constitute a link if there is an MGU 
G for L and K. 



^It took another 25 years until the development of the "modern" 
theory of resolution had begun in the 1990s [BG90|. This lead to a 
breakthrough in resolution theory by unifying more or less all resolution 
variants and improvements until then in a single theoretical framework, 
yet more elegant, general and powerful [BGOl]. 



Inst-Gen [GK03] is perhaps the conceptually simplest IM. Un- 
like the unguided IM in Section (2] Inst-Gen uses unification to 
generate clause instances, which is realized with the following 
inference rule: 
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if a is a MGU of K and L 



Notice that the side condition in the rule can be replaced by 
"L and K constitute a link with unifier a" . The rule can be 
strengthened by requiring that at least one conclusion clause 
must be a proper instance of its premise, that is, the conclusion 
must be an instance of its premise but not the other way round. 

The Inst-Gen inference rule differs from the resolution rule 
by keeping the instantiated premises separate instead of combin- 
ing them into one resolvent. While resolution derives the empty 
clause _L to indicate unsatisfiability, Inst-Gen uses a SAT solver 
to check propositional unsatisfiability of the clause set after in- 
stances have been added. For that, every variable in every clause 
is uniformly replaced by the same constant. Intuitively, by this 
process an unsatisfiable clause set gets closer and closer to being 
propositionally unsatisfiable. 

The beauty of Inst-Gen is that it is "trivially" sound and not 
so difficult to prove complete. It is sound because it always adds 
instances of clauses already present, hence consequences thereof. 
To get a deeper understanding of how the calculus works it is 
instructive to sketch its completeness proof. As a prerequisite 
for that, let _L denote the substitution already mentioned above 
that uniformly replaces every variable by some fixed constant. 
Also, assume as given a clause set M that is closed under the 
application of the Inst-Gen inference rule, modulo alphabetic 
variants of clauses. Completeness then amounts to showing that 
if M is unsatisfiable then Ml. is likewise unsatisfiable. It is 
advantageous, however, to work in the contrapositive direction. 
Thus assume that Af_L is satisfiable; it sufPices to construct a 
model for M. 

Because Af_L is satisfiable, there is a satisfiable path P 
through Af_L, that is, a set of literals that is obtained by picking 
exactly one literal from each clause in Af_L and such that P 
does not contain a link, i.e., two complementary literals. 

We sketch how P guides the construction of a model I for 
Af, better said, a partial model for Af that can be extended to a 
total one (a partial model is a consistent set of ground literals): 
initially let / be the empty set. For every clause C G Af and 
every ground instance Cj do the following: if 

1. C is the most specific representation of C7, that is, there 
is no clause D £ AI that is a proper instance of C such 
that C7 — Dj' for some 7', and 

2. C7 is false in I, and 

3. if is a literal in C such that Kl. £ P and Kj is undefined 
in / (i.e., neither K"/ nor its complement A'7 are in 7) 

then add K'y to /. In this case we say that C7 generates A'7 
(in J). 

Now, assume to the contrary that I falsifies some ground 
instance D7 of a clause D £ M. We show that "enough" 
inferences must have been applied so that I satisfied 1)7, this 
way contradicting the assumption. Without loss of generality 
assume that D is a most specific representation of D7 (among 
all representations there is always a most specific one). Let 



L £ D he a literal such that LI. G P (recall that P contains a 
literal from every clause in Af±, thus we can find such an L). 
As is false in /, cannot be generating and we must have 
L7 £ /. That is, some clause C7 generates Ly in /. Let K £ C 
be a literal such that K'y — L7. Now, the Inst-Gen inference rule 
is applicable to C and D by using K and L as the link literals. 
Let a be the MGU of K and L. By condition 3 above it holds 
that K± £ P. As L_L G P the MGU a must replace at least 
one variable in K or \n L by a non-variable term, otherwise P 
would contain complementary literals. Therefore, Ca is a proper 
instance of C, or Da is a proper instance of D (or both). Both 
cases give a contradiction: in the first case, C7 would not be 
generating as Ca is a more specific representation of C7 (recall 
that M is closed under Inst-Gen, and hence Ca G M). Similarly, 
in the second case D would not be a most specific representation 
of D"/ by virtue of Da G M. Thus, the assumption that / 
falsifies a D7 cannot hold, and the proof is complete. 

The Inst-Gen calculus is extensible by many refinements, in- 
cluding hyper-style inference, semantic selection (add instances 
that are not yet satisfied by the prepositional model PI.), and 
certain forms of redundancy elimination, which can all be justi- 
fied by the model-generation completeness proof above. 

4 Hyper-Linking 

The Hyper-Linking calculus [LP92| works, similarly to Inst-Gen, 
by looking for links between clauses. The process is divided into 
"rounds"; each round computes for every clause C the set of 
hyper-links for this clause. A hyperlink for C = ii V ■ ■ ■ V Ln is 
a set of links between C and other clauses such that for every 
i, there is one and only one link featuring Li. 

For every such hyper-link, one can compose the unifiers of 
every link in it (possibly renaming variables) to get a single sub- 
stitution for the hyper-link. Call this substitution 9; the instance 
added to the current clause set is C9. After all the clauses have 
been processed (this process terminates), the calculus temporar- 
ily grounds every clause by substituting some distinct constant 
for every variable to obtain a set of ground clauses, as for Inst- 
Gen. This set can be checked for satisfiability by e.g. resolution, 
and if it is unsatisfiable the procedure stops. Otherwise, a new 
round is initiated with the set of instances that the last round 
failed to refute as input. 

In this calculus, the instances computed are an attempt to 
create complementary clauses. This helps to avoid superfluous 
clauses, as they would have few or no links to other clauses. 
However, ifthereisa "cluster" of superfluous clauses, i.e. clauses 
that have links between them but no links to other clauses, 
and this cluster is satisfiable, Hyper-Linking would still generate 
instances of clauses in the cluster. 

The Hyper-Linking calculus has been developed further, and 
has lead to I Ms that take advantage of semantic guidance and of 
certain refinements based on ordering restrictions | CP94|[PZ00] . 

5 Disconnection Tableaux 

The Disconnection Tableaux calculus [LSOlJ works on links, 
which are also called connections in this context. In contrast to 
Hyper-Linking, where all the links of a clause are used together. 
Disconnection looks at one link at a time. The general idea is 



as follows: One starts by setting up an initial path through the 
input clause set by arbitrarily picking one literal from each input 
clause. This initial path is fixed throughout the entire subse- 
quent tableau construction. Starting with the initial path, the 
calculus' single inference rule takes a branch constructed so far 
and looks for a link between two literals on the branch. If such a 
link exists and, say, C and D are two clauses containing the link 
literals, the calculus expands the branch by the clause instances 
Ca and Da using the unifier a for this link. This way, the link is 
"disconnected". Every relevant instance that can be found this 
way eventually ends up on the tableau, and if a branch contains 
literals that become complementary when grounded to a special 
constant, it is closed. A proof is a tableau where every branch 
is closed. 

Consider an example expansion with the clause -<P(a,z) V 
Q{a,z), with -iP(a, 2) being the literal on the initial path to 
the following tableau (the initial path is not drawn): 

-,7?(aC&)^^pj^!fe)^^(a^ b) 

To use the link between P{x,b) and -^P{a,z), the variable 
X has to be instantiated to a, and z to b. Before doing the ex- 
pansion with -^P{a, z) V Q{a, z), the instantiated tableau clause 
has to be put on the branch. The branch marked by * is closed, 
as it contains complementary literals P{a,b) and -iP(a, 6). 

After the expansion, the tableau looks like this: 




-^R{x,b) P{x,b) S{x,b) 




-^R{a,b) P{a,b) S{a,b) 




-^P{a,b) Q{a,b) 

In general, the test for complementary literals is carried out 
after the tableau has been temporarily grounded by replacing 
every variable by a constant, as for Inst-Gen and Hyper-Linking. 
Any branch satisfying this condition without looking at the initial 
path can be closed, and there is always at least one such branch 
in every expansion. 

This way of looking for single links that are "needed" , i.e. can 
be used together with the clauses that are already there, removes 
the problem of superfluous clauses to a large extent, as they have 
few or no links to other clauses. Hyper-Linking, for example, 
does not have a way to avoid this possibility. On the negative 
side. Disconnection generates many similar branches, something 
that can lead to near-copies of derivations. 

6 FDPLL and Model Evolution 

The First-Order DPLL (FDPLL) |BauOO | calculus and its suc- 
cessor. Model Evolution (ME) [BT03! share some features with 
the calculi described above. The main object of a derivation is a 
tree, as in Disconnection Tableaux, but branching is on comple- 
mentary literals instead of clauses. As in Hyper-Linking, every 



literal of the current clause must be simultaneously linked with 
literals on the current branch to drive the inference rules. 

FDPLL and ME have been introduced as a lifting of the 
propositional core of the DPLL procedure to the first-order level. 
To describe how they work, it is instructive to recapitulate propo- 
sitional DPLL first: Given a propositional clause set S, one picks 
a propositional variable, say A, from a clause in S, and creates 
two new clause sets SfA/T] and ^[^/-L] (by S'[yl/_L] we mean 
the set 5 with every instance of A replaced by ±), to be analyzed 
separately. The two clause sets created are simpler than S, and 
can be further simplified by propositional rules, e.g. ^ VT = T. 
If we find an elementary contradiction during this simplification, 
that clause set is unsatisfiable. If not, a new propositional vari- 
able to split on is picked, until all propositional variables have 
been exhausted (with the conclusion that S is satisfiable), or all 
the sets generated are shown to be unsatisfiable, which means 
that S is not satisfiable either. 

FDPLL lifts this splitting rule to first-order clauses by case 
analysis on possibly non-ground literals. FDPLL can be de- 
scribed as a semantic tree construction method akin to Dis- 
connection tableaux, but branching on complementary literals 
instead of clauses. The intention of the calculus is then to con- 
struct a model for the input clause set. As an example, consider 
the two clauses 

P{a,y) P{x,b)V^P{z,y)wQ{x,y,z) 

and suppose that the following tree has already been derived: 

The left branch specifies the interpretation that assigns true 
to all ground instances of P{a,y), and false to all other atoms. 
This interpretation assigns false to the second clause — in fact, 
it assigns false to every instance of P(a;, b)V^P{a, y)\/Q{x,y,a) 
where x is different from a. This situation is detected by unify- 
ing the branch literal P{a, y) with the complement of the clause 
literal -iP{x,y). Such links with branch literals have to be found 
for every clause literal. Positive clause literals can also be linked 
with the pseudo-literal "^x" in the root node, where x unifies 
with any positive literal. In general, if a clause instance C com- 
puted this way contains a literal L such that neither L nor the 
complement of L is on the branch, the branch is extended by 
splitting on L and its complement. In the example, the literal 
P{x,b) can be used for this, but -^P{a,y) cannot. On the left 
branch the interpretation will at least partially be "repaired" to- 
wards a model for C, and on the right branch the clause C is 
implicitly shrunk by the presence of the complement of L. Both 
cases mark some progress in either finding a model or a refu- 
tation. The test for closing branches is similar to the one in 
Disconnection Tableaux, and is based on simultaneously unify- 
ing all the literals of a clause with complementary branch literals 
after temporarily grounding them. 

FDPLL is sound and complete. Regarding soundness recall 
that branch closure is based on temporarily replacing every vari- 
able in every branch literal by some fixed constant. A closed tree 
can therefore be seen as one that branches on complementary 
propositional literals. Soundness of FDPLL then follows easily. 

The completeness proof is of the model-generating kind, akin 
to the one for Inst-Gen (cf. Section [3]|. In FDPLL, the central 
concept is that of a candidate model induced by a (current) 



branch. Similarly to Inst-Gen, one can argue that any open 
branch in a fair derivation has had "enough" inferences applied 
to it, so no falsified clause can exist. We just note one key 
property here: Whenever the candidate model falsifies a clause 
C, there is a clause instance Ca, where a simultaneously unifies 
the links between all literals in C and branch literals. The branch 
is then either closed or the branch can be split with some literal 
in Ca. Conversely, if no such unifier a exists then C holds true 
in the candidate model. This fact can be seen as a semantically 
justified redundancy criterion - inferences with "true" clauses 
need not be carried out. 

The following semantic tree can be derived from the example 
tree above in two steps: 



-ix 




P{x,b) -^P{x,b) 




P{a,b) -^P{a,b) 

The ME calculus subsumes FDPLL by also lifting several 
simplification rules from DPLL to the first-order level. ME op- 
erates on sequents of the form A h <J>. The set of literals A cor- 
responds to a branch in an FDPLL semantic tree and is called a 
context, while $ is the current clause set to be refuted. As said 
earlier, the chief advantage of ME over FDPLL is that it man- 
ages to lift the simplification rules of DPLL to first-order logic. 
An example of this is the Subsume rule, which in the proposi- 
tional case allows one to simplify a clause set {L, L V C, . . .} to 
{L, . . .} — as L has to be true, the satisfiability of this clause 
set does not depend on L V C. A dual rule. Unit Resolution, 
allows to remove a literal from a clause in the presence of a unit 
clause with a complementary literal. Such rules are mandatory 
in practice, and ME contains first-order logic variants of both of 
them. They are used to simplify the current clause set <J> based 
on the current context A. 

In addition to the simplification rules there are two rules 
that add literals to the context. Assert and Split. The Split rule 
is similar to the splitting rule in FDPLL, while the Assert rule 
is a lifting of the propositional rule that assigns T to a clause 
containing a single literal, called a unit clause. Such a clause 
can only be made true in one way, namely by assigning true to 
the literal (in the propositional case), or assigning true to every 
instance of the literal (in the first-order case). 

7 EPR 

In the previous sections we have reviewed several IMs by sum- 
marizing their main underlying ideas and differences. IMs are 
conceptually different to more established methods based on 
resolution or unification-based free-variable tableaux. This way, 
they contribute as alternative methods to the repository of avail- 
able first-order AR methods. In particular, IMs are strong on 
a certain fragment of first-order logic that proves difficult for 
many other methods. More precisely, all instance-based methods 



can be used as decision procedures for tlie Bernays-Schonfinkel 
(BS) class of first-order logic. This class consists of formu- 
las that, when written in prenex normal form, have the form 
3xiy(j){x,y), where is a quantifier-free formula without func- 
tion symbols. Such formulas are sometimes also referred to 
as effectively propositional (EPR), since they can be effectively 
translated into propositional logic by a finite process of ground- 
ing. However, the cost of that is an exponential blow-up in 
formula size. The translation into clause logic always yields 
a clause set that may contain variables and constants, but no 
terms built from proper function symbols ("Datalog"). 

This property helps to explain why IMs decide the satisfia- 
bility problem of the EPR class. It is simply because the set of 
instances of a finite clause set without function symbols is finite 
modulo renaming of clause variables, something that is easy to 
control in IMs. By contrast, resolution (see the resolution in- 
ference rule in Section [2]| might derive clauses of unbounded 
length, which makes it less suitable for EPR. This circumstance 
may partially explain why the winners in the EPR category in the 
annual CADE ATP Systems competition (CASC [SS06]), a ma- 
jor competition for automated theorem provers, have for the last 
six years been instance-based provers instead of resolution-based 
provers. 

The decidability problem of EPR is complete for NEXP- 
TIME. In practical terms this means that much more succinct 
problem specifications are possible with EPR than with propo- 
sitional logic. This suggests to capitalize on IMs as decision 
procedures for EPR and to investigate practically feasible re- 
ductions of application problems into EPR. For instance, it is 
already known that bounded model checking problems can be 
encoded in BS logic much more succinctly than in propositional 
logic [NV07]. 

Another example is the optimized functional translation of 
modal logics [OS97J to BS logic [Sch99j. Many benchmark 
problems obtained this way are contained in the TPTP problem 
library [SS98 , and implementations of instance based methods 
consistently score very well on them. In the description logic con- 
text, [MS S04| show how to translate the expressive description 
logic <S'HXQ(D) to BS logic, but with a different motivation. 

Other potentially useful applications of IMs as decision pro- 
cedures for EPR lie within the constraint programming area. 
IMs are possibly not the preferred choice as solvers for search 
problems, typically in NP, as this is the domain of the traditional 
constraint programming paradigm. More appropriate seems the 
application to e.g. model expansion problems [MTHM06J (with 
NEXPTIME combined query/data complexity), which can be re- 
duced to EPR in a way similar to finite model computation men- 
tioned above. Another application is to analyze constraint mod- 
els for certain "interesting" properties, like proving of functional 
dependencies and symmetries between decision variables [CMOS 
ICM04| . Quite often, the resulting proof obligations lie within BS 
logic. 

A "generic" application area is finite model computation. 
Finite model computation is the problem of computing a model 
with a finite domain for the given formula or clause set, if one ex- 
ists. One application of this is in computing counterexamples of 
"false" theorems, which arise frequently in software verification 
or modelling in early stages. See | BT98I [BS06l ldNM06| for IM- 
related methods. Other methods for finite model computation 
essentially work by stepwise reduction to formulas in proposi- 



tional logic and use a SAT solver on the result. | Sla94l [McC94l 
[ZZ951 [CS031 IPel03bl e.g.]. In [BFdNT09| it was shown how 
this model computation paradigm can be rooted in the Model 
Evolution calculus instead of a SAT solver, something that can 
lead to space advantages. Actually, the results in [BFdNT09] 
are more general, and any method that decides the EPR class 
can be used. 

8 Conclusions and Outlook 

In this paper we surveyed methods for instantiation-based the- 
orem proving and indicated their strength for the EPR class 
of first-order logic formulas. We concentrated on the basic ver- 
sions of four typical IMs, Inst-Gen, Hyper-Linking, Disconnection 
Tableaux and FDPLL/Model Evolution. The theoretical power 
of each of them is the same, they all are sound and complete 
methods for first-order clausal theorem proving. So what are the 
differences? First, there are conceptual differences in the way 
they lift propositional reasoning to the first-order level. IMs can 
broadly be classified as one-level vs. two-level methods: two- 
level methods like Inst-Gen and Hyper-Linking directly employ 
a propositional SAT-solver as a subroutine for periodic unsatis- 
fiability tests of the grounded version of the current clause set. 
This way, these methods can always capitalize on the latest ad- 
vances in SAT-solving technology. In the extreme case, when the 
given clause set is already ground, their performance is the same 
as if their SAT-solver had been directly called. In contrast, one- 
level methods like Disconnection Tableaux and FDPLL/Model 
Evolution work directly with "lifted" first-order logic data struc- 
tures and inference rules of their propositional base calculi — 
in these cases propositional tableaux and propositional DPLL. 
These first-order data structures allow some optimizations that 
are difficult to replicate on the propositional level; see the dis- 
cussion of "candidate model" and redundancy criterion in Sec- 
tion [6] On the other hand, two-level methods can take advan- 
tage of SAT-solving technologies only by adapting them indi- 
vidually, both with respect to theory and implementation. A 
good example for this is lemma learning, a key factor in modern 
SAT-solving which helps to avoid repeating identical parts of a 
refutation. It required some efforts to integrate lemma learning 
into Model Evolution [BFT06] but, on the upside, led to a more 
powerful lemma learning mechanism. 

Other differences between the IMs considered here would 
require a deeper technical treatment, something that is beyond 
the scope of this paper. See [JW07] for a comparison of IMs 
with respect to simulations of refutations. 

In most applications, e.g., software verification, an efficient 
treatment of equality by specialized inference rules is manda- 
tory. Fortunately, research on efficient equality reasoning in IMs 
can capitalize on the results developed for the resolution calcu- 
lus over the last 20 years. Indeed, some promising approaches 
along these lines have been developed for Inst-Gen [GK04j, for 
Disconnection tableaux [LS02], and for Model Evolution [BT05]. 
These approaches all employ ordering restrictions as pioneered 
for the resolution calculus (see [NROlj for an overview). How 
this is concretely realized and the discussion of the differences is 
beyond the scope of the this paper. A related but less developed 
topic is the integration of reasoning modulo more general back- 
ground theories, such as integer arithmetics or theories of certain 



data structures (lists, arrays, sets, etc). This is currently a hot 
topic, and only some initial results are available |GK06|[BFT08] . 
One motivation for this stream of research to address a major 
weakness of the prevailing approach to theory reasoning. Sat- 
isfiability l\/!odulo Tlieories (SMT) [RT06]. To explain, current 
SMT systems are practically very successful for quantifier-free 
(i.e. ground) input formulas. However, they do not natively sup- 
port quantifiers and resort to incomplete instantiation heuristics 
for quantified formulas. In contrast, IMs are devised as first- 
order logic calculi at the outset and provide a systematic treat- 
ment of quantifiers. Equipping IMs with theory reasoning could 
thus provide alternatives to SMT. Under certain restrictions it 
is even possible to design refutational complete calculi over, say, 
integer arithmetics. 

A different line of research has only just begun, the combi- 
nation of instance based methods and resolution calculi. The 
motivation for that is to combine their individual strengths in 
a single framework. 



See [B WOQ] for an integration of Model 
Evolution and Superposition, and | LM09 | for an integration of 
Inst-Gen and Resolution. 

Many of the calculi we discussed have been implemented, 
yielding insight into their practical applicability. For Hyper- 
Linking, there is a prover CLIN [Lee90], with improved versions 
CLIN-S (semantic restriction) [CP97J and CLIN-E (equality han- 
dling) [Ale97j. For Disconnection Tableaux, there is a prover 
DCTP [Ste02 1 featuring both equality handling and various re- 
finements. The same is true for Inst-Gen, with the iProver | K08| . 
and the Model Evolution calculus, with prover Darwin |BFT04| . 
DCTP, iProver and Darwin regularly participate in the CASC 
competition. 

Other basic research questions concern, for example, search 
space improvements, implementation techniques, variants for 
deciding more fragments of first-order logic than are currently 
known, better understanding of theoretical properties, and clar- 
ifying the relationships between IMs and other methods. 

Acknowledgements. We thank the reviewers for their helpful 
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